We need to avoid Dynamic SQL like this
string strQry = "SELECT Count(*) FROM Users WHERE UserName='" +
txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
because if user enter Username name value likely ' Or 1=1 -- then it return true what's ever the value we have in password.